I have read through all the posts regarding machine authentication, but still couldn't figure out how to do it... Perhaps someone can enlighten me... Our setup is as below:
- Windows 2008 (RADIUS server) + Aruba controller (without ClearPass)
- We need to ensure "user authentication and machine authentication", so that only domain computers can connect to the corporate wireless.
Sounds simple. I know I need to configure "enforce machine authentication" in the 802.1X profile and set up the NPS policy properly, but I couldn't find the details for the questions below:
1. Machine Authentication: Default Machine Role, what should I set it to? (Set up a role, then assign a VLAN to it?)
2. Machine Authentication: Default User Role, what should I set it to? (Set up a role, then assign a VLAN to it?)
3. In the NPS policy, I have added a condition that only these user groups (domain computers and domain users) can access?
4. In the NPS RADIUS attributes, I have configured Tunnel-Type as VLAN and assigned VLAN 100 for users once authentication is successful.
So far only user authentication is working, as I can see from the NPS logs. When the computer boots up and tries to use machine authentication, the NPS logs show that (Domain\Computer_name) has been denied access.
I really have no idea what needs to be configured in order for machine authentication to kick in...